How to test one's firewall strength

Oct 9, 1999
I have a client of mine who is asking about checking/rating of how secure his firewall is.
I need something to scan his firewall. I was thinking of GRC; however, they only do limited scans.
I was also thinking of "nmap", a Linux command; however, I have to see if I have nmap installed on my system. I know my brother has access to it on his work server.

Anything else, maybe some professional place that rates security?

Edit:

PM me anything that you don't want to post here.
 

Yzzim

Lifer
Feb 13, 2000
I heard on the news that you can hire hackers to test out your security. I'm sure if you did a search you'd come up with a couple of listings.
 

aceO07

Diamond Member
Nov 6, 2000
Bump, I'm interested in knowing more about this too..

I did some research last month and came up with these results. HackerWhacker provides a first free extensive scan. I also thought SecurityPortal seemed interesting, but I only visited once.
 

Batti

Golden Member
Feb 2, 2000
Max Vision from whitehats.com does penetration testing. Look here

If you decide to do an nmap probe yourself, get everything in writing!!! This is a crime in many areas, and more than one well-intentioned employee or consultant has run afoul doing this.
 

rahvin

Elite Member
Oct 10, 1999
Run an nmap "heavy" scan, it will hammer the server looking for known vulnerabilities. nmap is the program of choice for script kiddies.
 

warcleric

Banned
May 31, 2000
Go to efnet and join #hack, and say "I have the best firewall in the world at 255.255.255.255 <insert your ip address here>".
 

Emulex

Diamond Member
Jan 28, 2001
Yup, we run the latest devel version of the popular Nessus scan online. No cost. Nada. Zip. Free service. If you point this at a box, it will set off all the alarms, and put the smack down on your box, router, server. I still haven't figured out how it causes my Windows ME box to hard reboot without a blue screen. Crappy Windows TCP/IP stack.

Nessus, ISS, Retina, Cybercop, all good stuff. I use them all; each has its strong and weak points. Nessus is probably the best of all, considering it does most and then some of all the other scanning software, and is free :)

My box (see below sig) scans about 150 servers a day nowadays.
 

Emulex

Diamond Member
Jan 28, 2001
Yah, we had some bugs testing the new stable version 1.0.8 recently, so we switched back to the 1.1.0 beta; it's much faster and more reliable (strange). Good program no less. Hopefully the bugs will be gone soon.